Package: empathy
Version: 2.28.2-3
Severity: grave
Tags: security
Justification: user security hole

Hello,

I would like to use the feature of remote desktop sharing via
empathy. However, allowing this via empathy enables the user on the
other side to control my mouse and keyboard. This is despite the fact that
under the gnome-settings I chose to enable the desktop only for
viewing.

Of course, I could share my desktop through gnome, and then initiate the
empathy call, but then what's the point of having this feature in
empathy, if it does not respect my preferences?

I file this as a security issue, because I think users on the other side
should not have access to my desktop unless I enabled it specifically.
If I had a sudo session in the last moments before sharing the desktop,
it means that they inherit my root permission and can cause damage,
intentionally or not.

If you don't think it's a security issue, feel free to downgrade this
bug. Also, I'm almost sure this is a GNOME issue, and not Debian, but I
prefer reporting it here.

Regards,
Oz

-- System Information:
Debian Release: squeeze/sid
APT prefers testing
APT policy: (990, 'testing'), (500, 'stable')
Architecture: i386 (i686)
Kernel: Linux 2.6.32-trunk-686 (SMP w/1 CPU core)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages empathy depends on:
ii  dbus-x11                  1.2.20-2         simple interprocess messaging syst
ii  libatk1.0-0               1.28.0-1         The ATK accessibility toolkit
ii  libbonobo2-0              2.24.2-1         Bonobo CORBA interfaces library
ii  libc6                     2.10.2-2         GNU C Library: Shared libraries
ii  libcairo2                 1.8.8-2          The Cairo 2D vector graphics libra
ii  libchamplain-0.4-0        0.4.3-1          C library providing ClutterActor t
ii  libchamplain-gtk-0.4-0    0.4.3-1          A Gtk+ widget to display maps
ii  libclutter-1.0-0          1.0.8-1          Open GL based interactive canvas l
ii  libclutter-gtk-0.10-0     0.10.2-1         Open GL based interactive canvas l
ii  libdbus-1-3               1.2.20-2         simple interprocess messaging syst
ii  libdbus-glib-1-2          0.84-1           simple interprocess messaging syst
ii  libebook1.2-9             2.28.2-1         Client library for evolution addre
ii  libedataserver1.2-11      2.28.2-1         Utility library for evolution data
ii  libempathy-gtk28          2.28.2-3         High-level library and user-interf
ii  libempathy30              2.28.2-3         High-level library and user-interf
ii  libfontconfig1            2.8.0-2          generic font configuration library
ii  libfreetype6              2.3.11-1         FreeType 2 font engine, shared lib
ii  libgconf2-4               2.28.0-1         GNOME configuration database syste
ii  libgl1-mesa-glx [libgl1]  7.6.1-1          A free implementation of the OpenG
ii  libglib2.0-0              2.22.4-1         The GLib library of C routines
ii  libgnome-keyring0         2.28.2-1         GNOME keyring services library
ii  libgstfarsight0.10-0      0.0.17-2         Audio/Video communications framewo
ii  libgstreamer0.10-0        0.10.25-4+b1     Core GStreamer libraries and eleme
ii  libgtk2.0-0               2.18.6-1         The GTK+ graphical user interface
ii  libnotify1 [libnotify1-g  0.4.5-1          sends desktop notifications to a n
ii  liborbit2                 1:2.14.17-2      libraries for ORBit2 - a CORBA ORB
ii  libpango1.0-0             1.26.2-1         Layout and rendering of internatio
ii  libsoup2.4-1              2.29.6-1         an HTTP library implementation in
ii  libtelepathy-farsight0    0.0.13-1         Glue library between telepathy and
ii  libtelepathy-glib0        0.10.0-1         Telepathy framework - GLib library
ii  libunique-1.0-0           1.1.6-1          Library for writing single instanc
ii  libwebkit-1.0-2           1.1.17-2         Web content engine library for Gtk
ii  libx11-6                  2:1.3.3-1        X11 client-side library
ii  libxcomposite1            1:0.4.1-1        X11 Composite extension library
ii  libxdamage1               1:1.1.2-1        X11 damaged region extension libra
ii  libxext6                  2:1.1.1-2        X11 miscellaneous extension librar
ii  libxfixes3                1:4.0.4-1        X11 miscellaneous 'fixes' extensio
ii  libxml2                   2.7.6.dfsg-2+b1  GNOME XML library

Versions of packages empathy recommends:
ii  empathy-doc               2.28.2-3         High-level library and user-interf
ii  gvfs-backends             1.4.3-1          userspace virtual filesystem - bac
ii  telepathy-gabble          0.8.9-1          Jabber/XMPP connection manager
ii  telepathy-salut           0.3.10-1         Link-local XMPP connection manager

Versions of packages empathy suggests:
pn  telepathy-butterfly       none             (no description available)
pn  telepathy-haze            none             (no description available)
ii  vino                      2.28.1-2.1       VNC server for GNOME